Privacy Policy

1. Introduction

Welcome to SplitDa ("we," "our," or "us"). This Privacy Policy explains how Ikolvi ("Developer") collects, uses, discloses, and safeguards your information when you use the SplitDa mobile application ("App"). We are committed to protecting your privacy and ensuring transparency about our data practices.

SplitDa is an expense splitting application designed to help roommates, travel groups, and friends track shared expenses and settle debts efficiently.

Developer Information

Developer Name	Ikolvi
App Name	SplitDa
Contact Email	connect@ikolvi.com

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Data Type	Purpose
Email Address	Account identification and authentication
Display Name	Identification within groups
Profile Picture	Visual identification (optional, from Google if using Google Sign-In)
Friend Code	Unique identifier for connecting with other users

2.2 Expense & Group Data

To provide our core services, we collect:

• Expense Information: Descriptions, amounts, dates, categories, and currencies of expenses you record
• Group Information: Group names, descriptions, and member lists for groups you create or join
• Settlement Records: Records of payments between group members
• Activity Logs: History of expense creation, updates, and deletions for tracking purposes

2.3 Device Information

To enable push notifications and ensure proper functionality:

• Device Token: Firebase Cloud Messaging token for push notifications
• Device Platform: iOS or Android for notification formatting
• Device Name: For identifying your registered devices

2.4 Analytics & Advertising Identifiers

To improve our services and understand how users interact with the app, we collect:

• Screen Views: Which screens you visit within the app
• Feature Usage: Actions like creating groups, adding expenses, and recording settlements
• App Events: Sign-in methods, theme changes, and notification preferences
• Performance Metrics: Sync times and offline usage patterns
• Error Reports: Anonymous error data to help us fix bugs

2.5 Device Identifiers (via AppsFlyer)

We use AppsFlyer for analytics and attribution, which may collect:

• Device ID: Unique device identifier for analytics purposes
• Advertising ID: Google Advertising ID (Android) or IDFA (iOS) for attribution and analytics
• IP Address: For geolocation and fraud prevention
• Device Information: Model, OS version, screen size, and carrier information
• App Install Information: Install source, campaign attribution, and referrer data

AppsFlyer data is used to:

• Understand app installation sources and marketing campaign effectiveness
• Analyze user behavior patterns to improve the app
• Detect and prevent fraudulent installations
• Track app performance across different devices and platforms

Analytics data is collected anonymously and is used solely to improve the app experience. We do not use this data for targeted advertising or sell it to third parties. You can opt-out of AppsFlyer tracking by adjusting your device settings (see Section 7.2).

2.6 Information We Do NOT Collect

• Location data
• Contacts or address book
• Photos (we only access photos for QR code scanning, and they are processed locally without being uploaded or stored)
• Microphone recordings
• Browsing history
• Third-party app usage

3. How We Use Your Information

We use your information to:

• Provide Core Services: Track expenses, calculate balances, and manage group memberships
• Enable Notifications: Send alerts about new expenses, settlements, and group activities
• Sync Data: Keep your expenses synchronized across devices
• Generate Analytics: Show you spending summaries and charts (locally processed)
• Improve Services: Understand usage patterns to enhance the app
• Analytics: Track feature usage and app performance to identify improvements
• Error Monitoring: Identify and fix bugs to improve reliability

4. Data Storage & Security

4.1 Where We Store Data

Storage Location	Data Stored	Purpose
Supabase Cloud	All account, expense, and group data	Primary data storage and sync
Device (SQLite)	Cached copy of your data	Offline access and performance
Firebase	Push notification tokens	Notification delivery
Firebase Analytics	Anonymous usage data	App improvement and analytics

4.2 Security Measures

We implement industry-standard security measures to protect your personal and sensitive data:

• Encryption in Transit: All data transmitted between your device and our servers uses HTTPS with TLS 1.2+ encryption
• Encryption at Rest: Data stored in our databases is encrypted using AES-256 encryption
• Secure Authentication: We use PKCE OAuth 2.0 flow for secure sign-in, preventing token interception attacks
• Access Control: Row-Level Security (RLS) policies ensure you can only access your own data and data from groups you belong to
• Token Security: Authentication tokens are securely stored and automatically refreshed
• Regular Security Updates: We regularly update our dependencies and infrastructure to address security vulnerabilities

4.3 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovery
• Provide information about what data was affected
• Explain the steps we are taking to address the breach
• Provide guidance on steps you can take to protect yourself

5. Third-Party Services

We use the following third-party services:

Service	Purpose	Data Shared
Supabase	Backend infrastructure and database	All app data (encrypted)
Firebase Cloud Messaging	Push notification delivery	Device tokens, notification content
Google Sign-In	Authentication (optional)	Email, name, profile picture
Firebase Analytics	App analytics and improvement	Anonymous usage events, screen views, feature usage
AppsFlyer	Analytics and attribution tracking	Device ID, Advertising ID, IP address, device info, app events

We use Firebase Analytics and AppsFlyer to understand how users interact with our app. This data is used solely to improve our services and understand user acquisition. We do not use this data for targeted advertising or sell it to third parties.

6. Data Sharing

Your data is shared only in the following limited circumstances:

• With Group Members: Your expense information (name, expenses you create, settlements) is visible to members of groups you voluntarily join
• With Service Providers: We share data with trusted third-party services that help us operate the App:
  • Supabase - for secure data storage and synchronization
  • Firebase - for push notifications and analytics
  • AppsFlyer - for analytics and attribution tracking
  • Google - for authentication (if you use Google Sign-In)
• Legal Requirements: We may disclose your data if required by law, legal process, or governmental request, or to protect the rights, property, or safety of Ikolvi, our users, or others
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction with prior notice to users

6.1 Third-Party Service Providers

Our service providers are contractually obligated to:

• Use your data only for providing services to us
• Maintain appropriate security measures
• Not sell or use your data for their own purposes

7. Your Rights & Choices

7.1 Access Your Data

You have the right to access your personal data. You can:

• View all your personal data, expenses, and groups within the App at any time
• Request a copy of your data by emailing connect@ikolvi.com

We will respond to data access requests within 30 days.

7.2 Analytics Opt-Out

Analytics collection is enabled by default to help us improve the app. If you prefer not to have your usage data collected, you can:

• Disable Analytics in App: Contact us to disable analytics tracking for your account
• Advertising ID Opt-Out (Android): Go to Settings → Google → Ads → Opt out of Ads Personalization
• Advertising ID Opt-Out (iOS): Go to Settings → Privacy & Security → Tracking → Disable "Allow Apps to Request to Track"
• Reset Advertising ID: You can reset your advertising ID in your device settings to prevent tracking continuity

Note: Opting out of advertising IDs will not affect the core functionality of the app.

7.3 Notification Controls

You can customize your notification preferences in Settings, including:

• Enable/disable specific notification types (expenses, settlements, members)
• Set quiet hours when notifications are silenced
• Completely disable push notifications

7.4 Delete Your Account

You have the right to delete your account and all associated personal data. See Section 9.2 for detailed information about the account deletion process and what data is removed.

8. Children's Privacy

SplitDa is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

9. Data Retention and Deletion

9.1 Data Retention Periods

• Active Accounts: Your personal data and expense records are retained as long as your account remains active
• Inactive Accounts: Accounts inactive for more than 24 months may be subject to deletion after prior notification
• Analytics Data: Anonymous analytics data is retained for up to 14 months
• Backup Data: System backups containing your data may be retained for up to 30 days after account deletion

9.2 Account Deletion

You can request deletion of your account and associated data at any time by:

• In-App: Navigate to Settings → Account → Delete Account
• Email Request: Send a deletion request to connect@ikolvi.com

Upon account deletion:

• Your profile information (name, email, profile picture) will be permanently deleted
• Your device tokens and notification preferences will be removed
• Local cached data on your device will be cleared
• You will be removed from all groups
• Expense records you created may be anonymized but retained for other group members' records

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new policy in the app
• Updating the "Last Updated" date
• Sending a notification for significant changes

12. Camera and Photo Library Permissions

SplitDa requests camera and photo library access solely for scanning QR codes to:

• Join groups via QR code invitations
• Accept shared expenses via QR codes

Camera Access

We use the camera to scan QR codes in real-time. We do not take photos, record video, or use the camera for any other purpose.

Photo Library Access

We access the photo library only to scan QR codes from saved images. We do not upload, store, or transmit your photos. The selected image is processed locally on your device and is immediately discarded after scanning.